Today’s security management efforts are based on risk management principles. In other words, security resources are applied to vulnerabilities that pose the greatest risk to the business. There are several processes for identifying and prioritizing risk. One of the most effective is threat modeling.
There has been much written about threat modeling. But most of the papers and books come at the problem of threat and vulnerability management from an academic perspective. The papers and articles that do take a business management approach typically cover one or two aspects of the process.
This paper is a practical, high-level guide to conducting threat modeling activities within a business environment. It begins by exploring why threat modeling is important. This is followed by a step-by-step process, including some tools you might find helpful.
This document is in PDF format. To view it click here.